cyberMonk
/
liberethos_paradigm
2
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

CloudFlare hijacked the name "Cloud Firewall" and commits false advertizing

This commit is contained in:
cyberMonk 2021-03-24 13:08:29 -04:00
parent 06486513a3
commit 553b8bd74d
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
rap_sheets/cloudflare.md
View File

@ -48,7 +48,11 @@
[41-cache]: https://web.archive.org/web/20171024040313/www.businessinsider.com/cloudflare-ceo-suggests-people-who-report-online-abuse-use-fake-names-2017-5
[42]: https://www.theguardian.com/technology/2015/nov/19/cloudflare-accused-by-anonymous-helping-isis
[43]: <https://web.archive.org/web/20210226152834/boingboing.net/2015/01/19/invasion-boards-set-out-to-rui.html> "using mirror to avoid CloudFlare"
[TrademarkTroll]: <https://web.archive.org/web/20210120103517/www.cloudflare.com/learning/cloud/what-is-a-cloud-firewall> "using mirror to avoid CloudFlare"
[cloudFW]: https://addons.mozilla.org/en-US/firefox/addon/cloud-firewall
[rbi]: <https://web.archive.org/web/20210323130327/blog.cloudflare.com/browser-isolation-for-teams-of-all-sizes> "using mirror to avoid CloudFlare"
[rbiDiscrimination]: <https://toot.cafe/@matt/105939502971295092> "warning: Amazon link"
[RBIzeroTrust]: <https://web.archive.org/web/20210323130454/https://blog.cloudflare.com/cloudflare-and-remote-browser-isolation> "using mirror to avoid CloudFlare"
# CloudFlare
@ -78,6 +82,7 @@ CloudFlare is a vigilante extremist organization that takes the decentralized we
1. CAPTCHAs put humans to work for machines when it is machines who should be working for humans. The labor violates the 13th amendment of the US Constitution due to involuntary servitude. The most perverse manifestation is when a citizen attempts to access a government service such as voter registration, and they're forced to solve a puzzle, the labor of which compensates CloudFlare instead of the laborer.
1. CF discriminates against people with impairments and disabilities
1. CF attacks robots that help provide an alternative user interface for users that are impaired or handicapped. This attack violates some WCAG 2.0 principles mentioned in the next table regardless of the role of CAPTCHA (which itself violates WCAG 2.0 principles).
1. CF has [deployed][rbi] a *remote browser isolation* service that [discriminates against visually impaired people][rbiDiscrimination].
1. CF imposes a proprietary "hCAPTCHA," which violates several [WCAG 2.0 principles][16]:
| ***WCAG Principle*** | ***How the Principle is Violated*** |
|---|---|
@ -144,9 +149,10 @@ CloudFlare is a vigilante extremist organization that takes the decentralized we
1. CloudFlare **stifles innovation** and culture. Robots are a crucial component to innovation. CF's attack on robots means people can't even use wget to download files. As a consequence, mp3 files (for example) can only be downloaded one at a time by manually clicking on each file. An immeasurably broad range of innovations depend on robots to provide capabilities that are not economically viable with manual labor. Many robotic innovations are created for the sole purpose of improving the usability of user interfaces that are either poorly designed for all users or the design overlooks the needs of some users.
1. **False statements, deceptive practices, and poor character of CloudFlare**
1. No transparency: as Cloudflare performs a DoS attack on Tor users they obviously do not inform web owners. Web owners are usually unaware that legitimate patrons are being blocked from accessing their site. These businesses are all damaged so that one business can profit.
1. CloudFlare has [hijacked][TrademarkTroll] the name of a tool that protects user *from* CloudFlare: [Cloud Firewall][cloudFW]. Cloud Firewall is a browser add-on that helps users block CloudFlare sites that they visit inadvertently. CloudFlare recently created a product of their own that uses the same name. Web searches for "Cloud Firewall" fill the first page of results with links to their corporate product, and with the browser add-on buried.
1. False errors are displayed when j/s is disabled.
1. CloudFlare [deceives][1] website visitors into believing their connection is secure (HTTPS & browser padlock) when in fact the user is MitMd.
1. CloudFlare has been caught making false statements to the public. CF said in their [FaQ][34]: "*Why should I trust Cloudflare? You dont need to. The Cloudflare Onion Service presents the exact same certificate that we would have used for direct requests to our servers,*" the first part of which is incorrect. CloudFlare sees all traffic traversing their servers in the clear, regardless of how secure the tunnel to them is. So of course CloudFlare requires your trust. The second statement about certificates is non-sequitur and irrelevant to the question of trust.
1. CloudFlare has been caught making false statements to the public. CF said in their [FaQ][34]: "*Why should I trust Cloudflare? You dont need to. The Cloudflare Onion Service presents the exact same certificate that we would have used for direct requests to our servers,*" the first part of which is incorrect. CloudFlare sees all traffic traversing their servers in the clear, regardless of how secure the tunnel to them is. So of course CloudFlare requires your trust. The second statement about certificates is non-sequitur and irrelevant to the question of trust. This is a pattern. CloudFlare [claims][RBIzeroTrust] browser isolation *"is a zero-trust approach"*, then proceeds to advertise their *remote* browser isolation service, which gives CloudFlare a view of everything the user accesses and sees on their browser window, including sessions to non-CloudFlare websites. They repeatedly [spread][rbi] the "Zero Trust web browsing" lie without being held accountable by *truth in advertizing* laws.
1. CloudFlare [deceives][35] users about what the problem is, causing users to blame Tor or their browser. CloudFlare suggests to Tor users who reach the CAPTCHA "If you are on a personal connection, like at home, you can run an anti-virus scan on your device to make sure it is not infected with malware."
1. Lack of human decency -- CF's mean-spirited CEO [displays][36] [schadenfreude][37] amid the grief his company has caused innovative people who use the web non-maliciously.
1. Ironically, CloudFlare spams people (despite their spam-mitigation purpose). Customers (former and current) as well as people who never used CF are receiving spam from CloudFlare. Customers [receive spam][38] from CF without express consent and possibly contrary to privacy policies. This is deceptive because spam mitigation is one of CloudFlare's selling points.